MIL1 requirements
a. Cyber risks are prioritized based on estimated impact, at least in an ad hoc manner
MIL2 requirements
b. Defined criteria are used to prioritize cyber risks (for example, impact to the organization, impact to the community, likelihood, susceptibility, risk tolerance)
c. A defined method is used to estimate impact for higher priority cyber risks (for example, comparison to actual events, risk quantification)
d. Defined methods are used to analyze higher priority cyber risks (for example, analyzing the prevalence of types of attacks to estimate likelihood, using the results of controls assessments to estimate susceptibility)
e. Organizational stakeholders from appropriate operations and business functions participate in the analysis of higher priority cyber risks
f. Cyber risks are removed from the risk register or other artifact used to document and manage identified risks when they no longer require tracking or response
MIL3 requirements
g. Cyber risk analyses are updated periodically and according to defined triggers, such as system changes, external events, and information from other model domains
The organization has defined procedures for assessing and treating cyber security risks. The definition includes at least:
The task owner regularly checks that the procedure is clear and produces consistent results.
Digiturvamallissa kaikki vaatimuskehikkojen vaatimukset kohdistetaan universaaleihin tietoturvatehtäviin, jotta voitte muodostaa yksittäisen suunnitelman, joka täyttää ison kasan vaatimuksia.
.png)
Paranna osaamistasi viikoittaisten webinaarien, videokurssien, artikkeleiden ja blogien avulla.
